I’m going to move away from LastPass because the user experience is pretty fucking shit. I was going to look at 1pass as I use it a lot at work and so know it. However, I have heard a lot of praise for BitWarden and VaultWarden on here and so am probably going to try them out first.
My questions are to those of you who self-host, firstly: why?
And how do you mitigate the risk of your internet going down at home and blocking your access while away?
BitWarden’s paid tier is only $10 a year, which I’m happy to pay to support a decent service, but I’m curious about the benefits of the above. I already run Syncthing on a Pi, so adding a password manager wouldn’t need any additional hardware.
I didn’t really consider the possibility of the client being compromised yet, good point.
LastPass was hacked and might have lost control of some data https://blog.lastpass.com/posts/2022/12/notice-of-security-incident
1Pass hasn’t been hacked directly, but they were affected by the Okta https://blog.1password.com/okta-incident/
(One of the most common vectors for hacks is through your vendors - see Target https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/)
Dropbox had an unauthorized access, but they seemed on top of it. https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign
Dropbox also has had a more significant data breach, but a while ago. https://www.twingate.com/blog/tips/dropbox-data-breach#
Overview of all password manager breaches! https://bestreviews.net/which-password-managers-have-been-hacked/